
package org.owasp.webgoat.lessons;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.List;
import org.apache.ecs.Element;
import org.apache.ecs.ElementContainer;
import org.apache.ecs.StringElement;
import org.apache.ecs.html.A;
import org.apache.ecs.html.BR;
import org.apache.ecs.html.Div;
import org.apache.ecs.html.H1;
import org.apache.ecs.html.H2;
import org.apache.ecs.html.Input;
import org.apache.ecs.html.TD;
import org.apache.ecs.html.TR;
import org.apache.ecs.html.Table;
import org.apache.ecs.xhtml.style;
import org.owasp.webgoat.session.DatabaseUtilities;
import org.owasp.webgoat.session.WebSession;


/***************************************************************************************************
 * 
 * 
 * This file is part of WebGoat, an Open Web Application Security Project utility. For details,
 * please see http://www.owasp.org/
 * 
 * Copyright (c) 2002 - 2007 Bruce Mayhew
 * 
 * This program is free software; you can redistribute it and/or modify it under the terms of the
 * GNU General Public License as published by the Free Software Foundation; either version 2 of the
 * License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without
 * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License along with this program; if
 * not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
 * 02111-1307, USA.
 * 
 * Getting Source ==============
 * 
 * Source for this application is maintained at code.google.com, a repository for free software
 * projects.
 * 
 * 
 * For details, please see http://code.google.com/p/webgoat/
 * 
 * @author Reto Lippuner, Marcel Wirth
 * @created April 7, 2008
 */

public class MultiLevelLogin1 extends SequentialLessonAdapter
{
	private final static String USER = "user";
	private final static String PASSWORD = "pass";
	private final static String HIDDEN_TAN = "hidden_tan";
	private final static String TAN = "tan";

	private final static String LOGGEDIN = "loggedin";
	private final static String CORRECTTAN = "correctTan";
	private final static String LOGGEDINUSER = "loggedInUser";

	/**
	 * Creates Staged WebContent
	 * 
	 * @param s
	 */
	protected Element createContent(WebSession s)
	{
		return super.createStagedContent(s);
	}

	/**
	 * See if the user has logged in correctly
	 * 
	 * @param s
	 * @return true if loggedIn
	 */
	private boolean loggedIn(WebSession s)
	{
		try
		{
			return s.get(LOGGEDIN).equals("true");
		} catch (Exception e)
		{
			return false;
		}
	}

	/**
	 * See if the user had used a valid tan
	 * 
	 * @param s
	 * @return true if correctTan
	 */
	private boolean correctTan(WebSession s)
	{
		try
		{
			return s.get(CORRECTTAN).equals("true");
		} catch (Exception e)
		{
			return false;
		}
	}

	/**
	 * Get the logged in user
	 * 
	 * @param s
	 * @return the logged in user
	 */
	private String getLoggedInUser(WebSession s)
	{
		try
		{
			String user = (String) s.get(LOGGEDINUSER);
			return user;
		} catch (Exception e)
		{
			return "";
		}
	}

	/**
	 * Creation of the main content
	 * 
	 * @param s
	 * @return Element
	 */
	protected Element createMainContent(WebSession s)
	{
		ElementContainer ec = new ElementContainer();

		try
		{
			style sty = new style();

			sty
					.addElement("#lesson_wrapper {height: 435px;width: " +
							"500px;}#lesson_header {background-image: " +
							"url(lessons/DBSQLInjection/images/lesson1_header.jpg);width:" +
							" 490px;padding-right: 10px;padding-top: 60px;background-repeat: no-repeat;}.lesson_workspace " +
							"{background-image: url(lessons/DBSQLInjection/images/lesson1_workspace.jpg);width: 489px;height: " +
							"325px;padding-left: 10px;padding-top: 10px;background-repeat: no-repeat;}		" +
							".lesson_text {height: 240px;width: 460px;padding-top: 5px;}			" +
							"#lesson_buttons_bottom {height: 20px;width: 460px;}			" +
							"#lesson_b_b_left {width: 300px;float: left;}			" +
							"#lesson_b_b_right input {width: 100px;float: right;}			" +
							".lesson_title_box {height: 20px;width: 420px;padding-left: 30px;}			" +
							".lesson_workspace { }			" +
							".lesson_txt_10 {font-family: Arial, Helvetica, sans-serif;font-size: 10px;}			" +
							".lesson_text_db {color: #0066FF}			" +
							"#lesson_login {background-image: url(lessons/DBSQLInjection/images/lesson1_loginWindow.jpg);height: " +
							"124px;width: 311px;background-repeat: no-repeat;padding-top: 30px;margin-left: 80px;margin-top:" +
							" 50px;text-align: center;}			#lesson_login_txt {font-family: Arial, Helvetica, sans-serif;font-size: " +
							"12px;text-align: center;}			#lesson_search {background-image: " +
							"url(lessons/DBSQLInjection/images/lesson1_SearchWindow.jpg);height: 124px;width: 311px;background-repeat: " +
							"no-repeat;padding-top: 30px;margin-left: 80px;margin-top: 50px;text-align: center;}");
			ec.addElement(sty);

			Div wrapperDiv = new Div();
			wrapperDiv.setID("lesson_wrapper");

			Div headerDiv = new Div();
			headerDiv.setID("lesson_header");

			Div workspaceDiv = new Div();
			workspaceDiv.setClass("lesson_workspace");

			wrapperDiv.addElement(headerDiv);
			wrapperDiv.addElement(workspaceDiv);

			ec.addElement(wrapperDiv);

			workspaceDiv.addElement(createWorkspaceContent(s));

		} catch (Exception e)
		{
			s.setMessage("Error generating " + this.getClass().getName());
			e.printStackTrace();
		}

		return (ec);
	}

	/**
	 * Creation of the content of the workspace
	 * 
	 * @param s
	 * @return Element
	 */
	private Element createWorkspaceContent(WebSession s)
	{
		String user = "";
		user = s.getParser().getStringParameter(USER, "");
		String password = "";
		password = s.getParser().getStringParameter(PASSWORD, "");
		String tan = "";
		tan = s.getParser().getStringParameter(TAN, "");
		String hiddenTan = s.getParser().getStringParameter(HIDDEN_TAN, "");

		ElementContainer ec = new ElementContainer();

		// verify that tan is correct and user is logged in
		if (loggedIn(s) && correctTan(getLoggedInUser(s), tan, hiddenTan, s))
		{
			s.add(CORRECTTAN, "true");
		}
		// user is loggedIn but enters wrong tan
		else if (loggedIn(s) && !correctTan(getLoggedInUser(s), tan, hiddenTan, s))
		{
			s.add(LOGGEDIN, "false");
		}

		// verify the password
		if (correctLogin(user, password, s))
		{
			s.add(LOGGEDIN, "true");
			s.add(LOGGEDINUSER, user);
		}

		// if restart link is clicked owe have to reset log in
		if (!s.getParser().getStringParameter("Restart", "").equals(""))
		{
			s.add(LOGGEDIN, "false");
			s.add(CORRECTTAN, "false");
			resetTans(s);
		}
		// Logout Button is pressed
		if (s.getParser().getRawParameter("logout", "").equals("true"))
		{
			s.add(LOGGEDIN, "false");
			s.add(CORRECTTAN, "false");

		}
		if (loggedIn(s) && correctTan(s))
		{
			s.add(LOGGEDIN, "false");
			s.add(CORRECTTAN, "false");

			createSuccessfulLoginContent(s, ec);
			if (getLessonTracker(s).getStage() == 2)
			{
				if (hiddenTan.equals("1"))
				{
					makeSuccess(s);
				}
			}
			else
			{
				getLessonTracker(s).setStage(2);
				s.setMessage("Stage 1 completed.");
			}
		}

		else if (loggedIn(s))
		{
			int tanNr = getTanPosition(getLoggedInUser(s), s);
			if (tanNr == 0)
			{
				createNoTanLeftContent(ec);

			}
			else
			{
				createAskForTanContent(s, ec, tanNr);
			}

		}
		else
		{
			String errorMessage = "";

			if (!(user + password).equals(""))
			{
				errorMessage = "Login failed! Make sure " + "that user name and password is correct.";
			}
			else if (!tan.equals(""))
			{
				errorMessage = "Login failed. Tan is " + "incorrect.";
			}

			createLogInContent(ec, errorMessage);
		}

		return ec;
	}

	/**
	 * Create content for logging in
	 * 
	 * @param ec
	 */
	private void createLogInContent(ElementContainer ec, String errorMessage)
	{
		Div loginDiv = new Div();
		loginDiv.setID("lesson_login");

		Table table = new Table();
		table.addAttribute("align='center'", 0);
		TR tr1 = new TR();
		TD td1 = new TD();
		TD td2 = new TD();
		td1.addElement(new StringElement("Enter your name: "));
		td2.addElement(new Input(Input.TEXT, USER));
		tr1.addElement(td1);
		tr1.addElement(td2);

		TR tr2 = new TR();
		TD td3 = new TD();
		TD td4 = new TD();
		td3.addElement(new StringElement("Enter your password: "));
		td4.addElement(new Input(Input.PASSWORD, PASSWORD));
		tr2.addElement(td3);
		tr2.addElement(td4);

		TR tr3 = new TR();
		TD td5 = new TD();
		td5.setColSpan(2);
		td5.setAlign("center");

		td5.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
		tr3.addElement(td5);

		table.addElement(tr1);
		table.addElement(tr2);
		table.addElement(tr3);
		loginDiv.addElement(table);
		ec.addElement(loginDiv);

		H2 errorTag = new H2(errorMessage);
		errorTag.addAttribute("align", "center");
		errorTag.addAttribute("class", "info");
		ec.addElement(errorTag);
	}

	/**
	 * Create content in which the tan is asked
	 * 
	 * @param s
	 * @param ec
	 * @param tanNr
	 */
	private void createAskForTanContent(WebSession s, ElementContainer ec, int tanNr)
	{

		Div loginDiv = new Div();
		loginDiv.setID("lesson_login");

		Table table = new Table();
		table.addAttribute("align='center'", 0);
		TR tr1 = new TR();
		TD td1 = new TD();
		TD td2 = new TD();
		td1.addElement(new StringElement("Enter TAN  #" + tanNr + ": "));
		td2.addElement(new Input(Input.TEXT, TAN));
		tr1.addElement(td1);
		tr1.addElement(td2);

		TR tr2 = new TR();
		TD td3 = new TD();
		td3.setColSpan(2);
		td3.setAlign("center");

		td3.addElement(new Input(Input.SUBMIT, "Submit", "Submit"));
		tr2.addElement(td3);

		table.addElement(tr1);
		table.addElement(tr2);

		ec.addElement(new Input(Input.HIDDEN, HIDDEN_TAN, tanNr));
		loginDiv.addElement(table);
		ec.addElement(loginDiv);
		ec.addElement(createLogoutLink());

	}

	/**
	 * Create content if there is no tan left
	 * 
	 * @param ec
	 */
	private void createNoTanLeftContent(ElementContainer ec)
	{

		ec.addElement(new BR());
		ec.addElement(new BR());
		ec.addElement(new BR());
		ec.addElement(new BR());
		H1 h = new H1("<center>No tan is left! Please contact the admin. </center>");
		ec.addElement(h);
		ec.addElement(createLogoutLink());
	}

	/**
	 * Create content after a successful login
	 * 
	 * @param s
	 * @param ec
	 */
	private void createSuccessfulLoginContent(WebSession s, ElementContainer ec)
	{

		updateTan(getLoggedInUser(s), s);
		String userDataStyle = "margin-top:50px;";

		Div userDataDiv = new Div();
		userDataDiv.setStyle(userDataStyle);
		userDataDiv.addAttribute("align", "center");
		Table table = new Table();
		table.addAttribute("cellspacing", 10);
		table.addAttribute("cellpadding", 5);

		table.addAttribute("align", "center");
		TR tr1 = new TR();
		TR tr2 = new TR();
		TR tr3 = new TR();
		TR tr4 = new TR();
		tr1.addElement(new TD("<b>Firstname:</b>"));
		tr1.addElement(new TD(getLoggedInUser(s)));

		try
		{
			ResultSet results = getUser(getLoggedInUser(s), s);
			results.first();

			tr2.addElement(new TD("<b>Lastname:</b>"));
			tr2.addElement(new TD(results.getString("last_name")));

			tr3.addElement(new TD("<b>Credit Card Type:</b>"));
			tr3.addElement(new TD(results.getString("cc_type")));

			tr4.addElement(new TD("<b>Credit Card Number:</b>"));
			tr4.addElement(new TD(results.getString("cc_number")));

		}

		catch (Exception e)
		{
			e.printStackTrace();
		}
		table.addElement(tr1);
		table.addElement(tr2);
		table.addElement(tr3);
		table.addElement(tr4);

		userDataDiv.addElement(table);
		ec.addElement(userDataDiv);
		ec.addElement(createLogoutLink());
	}

	/**
	 * Create a link for logging out
	 * 
	 * @return Element
	 */
	private Element createLogoutLink()
	{
		A logoutLink = new A();
		logoutLink.addAttribute("href", getLink() + "&logout=true");
		logoutLink.addElement("Logout");

		String logoutStyle = "margin-right:50px; mrgin-top:30px";
		Div logoutDiv = new Div();
		logoutDiv.addAttribute("align", "right");
		logoutDiv.addElement(logoutLink);
		logoutDiv.setStyle(logoutStyle);

		return logoutDiv;
	}

	/**
	 * Update the tan. Every tan should be used only once.
	 * 
	 * @param user
	 * @param s
	 */
	private void updateTan(String user, WebSession s)
	{
		int tanNr = getTanPosition(user, s);
		
		Connection connection = null;

		try
		{
			connection = DatabaseUtilities.getConnection(s);
			String query = "UPDATE user_data_tan SET login_count = ? WHERE first_name = ?";
			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
																			ResultSet.CONCUR_READ_ONLY);
			prepStatement.setInt(1, tanNr);
			prepStatement.setString(2, user);
			prepStatement.execute();

		} catch (Exception e)
		{
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (connection != null)
				{
					connection.close();
				}
			}
			catch (Exception e)
			{
				e.printStackTrace();
			}
		}

	}

	/**
	 * If lesson is reseted the tans should be resetted too
	 * 
	 * @param s
	 */
	private void resetTans(WebSession s)
	{
		Connection connection = null;
		try
		{
			connection = DatabaseUtilities.getConnection(s);
			String query = "UPDATE user_data_tan SET login_count = 0 WHERE login_count > 0";
			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
																			ResultSet.CONCUR_READ_ONLY);
			prepStatement.execute();

		} catch (Exception e)
		{
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (connection != null)
				{
					connection.close();
				}
			}
			catch (Exception e)
			{
				e.printStackTrace();
			}
		}

	}

	/**
	 * Get the count of the tan
	 * 
	 * @param user
	 * @param s
	 * @return tanPosition
	 */
	private int getTanPosition(String user, WebSession s)
	{
		int tanNr = 0;
		Connection connection = null;
		try
		{
			connection = DatabaseUtilities.getConnection(s);
			String query = "SELECT login_count FROM user_data_tan WHERE first_name = ?";
			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
																			ResultSet.CONCUR_READ_ONLY);
			prepStatement.setString(1, user);
			ResultSet results = prepStatement.executeQuery();

			if ((results != null) && (results.first() == true))
			{

				tanNr = results.getInt(results.getRow());
				tanNr = tanNr + 1;
				if (tanNr > 5)
				{
					tanNr = 0;
				}
				// make sure you don't get the first tan in stage 2
				if (getLessonTracker(s).getStage() == 2 && tanNr == 1)
				{
					++tanNr;
				}
			}
		} catch (Exception e)
		{
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (connection != null)
				{
					connection.close();
				}
			}
			catch (Exception e)
			{
				e.printStackTrace();
			}
		}

		return tanNr;
	}

	/**
	 * Get a user by its name
	 * 
	 * @param user
	 * @param s
	 * @return ResultSet containing the user
	 */
	private ResultSet getUser(String user, WebSession s)
	{
		Connection connection = null;
		try
		{
			connection = DatabaseUtilities.getConnection(s);
			String query = "SELECT * FROM user_data_tan WHERE first_name = ? ";
			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
																			ResultSet.CONCUR_READ_ONLY);
			prepStatement.setString(1, user);

			ResultSet results = prepStatement.executeQuery();

			return results;

		} catch (Exception e)
		{
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (connection != null)
				{
					connection.close();
				}
			}
			catch (Exception e)
			{
				e.printStackTrace();
			}
		}
		return null;

	}

	/**
	 * See if the tan is correct
	 * 
	 * @param user
	 * @param tan
	 * @param tanPosition
	 * @param s
	 * @return true if the tan is correct
	 */
	private boolean correctTan(String user, String tan, String tanPosition, WebSession s)
	{
		if (tan.equals("")) { return false; }
		Connection connection = null;
		try
		{
			connection = DatabaseUtilities.getConnection(s);
			String query = "SELECT user_data_tan.userid FROM user_data_tan, tan WHERE user_data_tan.first_name = ? "
					+ "AND user_data_tan.userid = tan.userid AND tan.tanValue = ? AND tan.tanNr = ?";
			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
																			ResultSet.CONCUR_READ_ONLY);
			prepStatement.setString(1, user);
			prepStatement.setString(2, tan);
			prepStatement.setString(3, tanPosition);

			ResultSet results = prepStatement.executeQuery();

			if ((results != null) && (results.first() == true)) {

			return true;

			}

		} catch (Exception e)
		{
			e.printStackTrace();
		}		finally
		{
			try
			{
				if (connection != null)
				{
					connection.close();
				}
			}
			catch (Exception e)
			{
				e.printStackTrace();
			}
		}
		return false;
	}

	/**
	 * See if the password and corresponding user is valid
	 * 
	 * @param userName
	 * @param password
	 * @param s
	 * @return true if the password was correct
	 */
	private boolean correctLogin(String userName, String password, WebSession s)
	{
		Connection connection = null;
		try
		{
			connection = DatabaseUtilities.getConnection(s);
			String query = "SELECT * FROM user_data_tan WHERE first_name = ? AND password = ?";
			PreparedStatement prepStatement = connection.prepareStatement(query, ResultSet.TYPE_SCROLL_INSENSITIVE,
																			ResultSet.CONCUR_READ_ONLY);
			prepStatement.setString(1, userName);
			prepStatement.setString(2, password);

			ResultSet results = prepStatement.executeQuery();

			if ((results != null) && (results.first() == true)) {

			return true;

			}

		} catch (Exception e)
		{
			e.printStackTrace();
		}
		finally
		{
			try
			{
				if (connection != null)
				{
					connection.close();
				}
			}
			catch (Exception e)
			{
				e.printStackTrace();
			}
		}

		return false;

	}

	/**
	 * Gets the category attribute of the RoleBasedAccessControl object
	 * 
	 * @return The category value
	 */
	protected ElementContainer doStage1(WebSession s)
	{
		ElementContainer ec = new ElementContainer();
		ec.addElement(createMainContent(s));
		return ec;

	}

	/**
	 * After finishing succesful stage1 this function is called
	 */
	protected Element doStage2(WebSession s)
	{
		ElementContainer ec = new ElementContainer();
		ec.addElement(createMainContent(s));
		return ec;
	}

	/**
	 * Get the category
	 * 
	 * @return the category
	 */
	protected Category getDefaultCategory()
	{
		return Category.AUTHENTICATION;
	}

	/**
	 * Gets the hints attribute of the RoleBasedAccessControl object
	 * 
	 * @return The hints value
	 */
	public List<String> getHints(WebSession s)
	{
		List<String> hints = new ArrayList<String>();

		hints.add("Stage 1: Just do a regular login");
		hints.add("Stage 2: How does the server know which TAN has to be used?");
		hints.add("Stage 2: Maybe taking a look at the source code helps");
		hints.add("Stage 2: Watch out for hidden fields");
		hints.add("Stage 2: Manipulate the hidden field 'hidden_tan'");

		return hints;

	}

	/**
	 * Get the instructions for the user
	 */
	public String getInstructions(WebSession s)
	{
		String instructions = "";
		if (getLessonTracker(s).getStage() == 1)
		{
			instructions = "STAGE 1:\t This stage is just to show how a classic multi login works. "
					+ "Your goal is to do a regular login as <b>Jane</b> with password <b>tarzan</b>. "
					+ "You have following TANs: <br>" + "Tan #1 = 15648<br>" + "Tan #2 = 92156<br>"
					+ "Tan #3 = 4879<br>" + "Tan #4 = 9458<br>" + "Tan #5 = 4879<br>";

		}
		else if (getLessonTracker(s).getStage() == 2)
		{
			instructions = "STAGE 2:\tNow you are a hacker who " + "already has stolen some information from Jane by "
					+ "a phishing mail. " + "You have the password which is tarzan and "
					+ "the Tan #1 which is 15648 <br>" + "The problem is that the first tan is already "
					+ "used... try to break into the system anyway. ";
		}

		return (instructions);
	}

	private final static Integer DEFAULT_RANKING = new Integer(110);

	/**
	 * Get the ranking for the hirarchy of lessons
	 */
	protected Integer getDefaultRanking()
	{
		return DEFAULT_RANKING;
	}

	/**
	 * Get the title of the Lesson
	 */
	public String getTitle()
	{
		return ("Multi Level Login 1");
	}

	public Element getCredits()
	{
		return super.getCustomCredits("Created by: Reto Lippuner, Marcel Wirth", new StringElement(""));
	}
}
